@robester0403
Contributor

@robester0403 robester0403 commented Jul 30, 2025

Fixed parsing of 113014 message codes

...: server = 10.10.10.10...

There can possibly be 2 spaces between the = and the IP address. This change allows for the parsing of the log if there is more than one space.

Proposed commit message

Fixed parsing of 113014 message codes

Checklist

  • [] I have reviewed tips for building integrations and this pull request is aligned with them.
  • [] I have verified that all data streams collect metrics or logs.
  • [] I have added an entry to my package's changelog.yml file.
  • [] I have verified that Kibana version constraints are current according to guidelines.
  • [] I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@robester0403 robester0403 added bug Something isn't working, use only for issues Integration:cisco_ftd Cisco FTD Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] labels Jul 30, 2025
@robester0403 robester0403 linked an issue Jul 30, 2025 that may be closed by this pull request
@robester0403 robester0403 marked this pull request as ready for review July 30, 2025 23:19
@robester0403 robester0403 requested a review from a team as a code owner July 30, 2025 23:19
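
The parsing failure described in the pull request, shown as an added example (this is not the integration's grok pattern or code from this PR): a pattern that expects exactly one space after `=` drops the event's server field when the device emits two, while a whitespace-tolerant pattern keeps it. The sample lines, the pattern names `STRICT` and `TOLERANT`, and the helper functions are assumptions constructed around the `server = 10.10.10.10` fragment quoted above.

```python
import ipaddress
import re

# Constructed sample lines built around the "server = 10.10.10.10" fragment
# quoted in the PR description; the rest of each line is an assumption.
SAMPLES = [
    "%FTD-6-113014: AAA authentication server not accessible : server = 10.10.10.10 : user = alice",
    "%FTD-6-113014: AAA authentication server not accessible : server =  10.10.10.10 : user = alice",
    "%FTD-6-113014: AAA authentication server not accessible : server =  not-an-ip : user = alice",
]

# Exactly one space on each side of "=": the behaviour the PR describes as failing.
STRICT = re.compile(r"server = (?P<ip>\S+)")
# Any amount of whitespace (including none) around "=".
TOLERANT = re.compile(r"server\s*=\s*(?P<ip>\S+)")


def extract_server(line, pattern):
    """Return the server address as a string, or None if the line does not parse."""
    match = pattern.search(line)
    if match is None:
        return None
    try:
        # Validate the captured token so a loose pattern cannot index garbage as an IP.
        return str(ipaddress.ip_address(match.group("ip")))
    except ValueError:
        return None


def unparsed(lines, pattern):
    """Lines that a pipeline built on `pattern` would fail to parse."""
    return [line for line in lines if extract_server(line, pattern) is None]


if __name__ == "__main__":
    for name, pattern in (("strict", STRICT), ("tolerant", TOLERANT)):
        missed = unparsed(SAMPLES, pattern)
        print(f"{name}: {len(missed)} of {len(SAMPLES)} lines unparsed")
```

Counting unparsed lines per pattern, as `unparsed` does, is the same check worth running against a pipeline's failure output after a change like this one.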
@elasticmachine
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

muthu-mps and others added 3 commits July 31, 2025 10:22
) * Added support for the following new and upcoming events * network_connect * tcc_modify * pty_grant * pty_close * Enhanced existing events (only added fields, no breaking changes) * mount * remount * unmount
- Ensure Ingress and Egress zone values are set to proper ECS fields - This will also allow the network.direction logic to work as intended
@robester0403 robester0403 requested review from a team as code owners July 31, 2025 14:24
@andrewkroh andrewkroh added bugfix Pull request that fixes a bug issue and removed bug Something isn't working, use only for issues labels Jul 31, 2025
@andrewkroh andrewkroh changed the title FIX: changed grok processor to be able to handle any number of spaces… fix(cisco_ftd): handle optional spaces in message ID 113014 parsing Jul 31, 2025
@andrewkroh andrewkroh changed the title fix(cisco_ftd): handle optional spaces in message ID 113014 parsing fix(cisco_ftd): handle optional spaces in message ID 113014 Jul 31, 2025
@elasticmachine
💚 Build Succeeded

History

@robester0403 robester0403 merged commit c29e040 into elastic:main Jul 31, 2025
9 checks passed
@elastic-vault-github-plugin-prod

Package cisco_ftd - 3.9.2 containing this change is available at https://epr.elastic.co/package/cisco_ftd/3.9.2/

@robester0403 robester0403 deleted the 113014-cisco-ftd-grok-processor-failure branch August 1, 2025 14:45
robester0403 added a commit to robester0403/integrations that referenced this pull request Aug 14, 2025
…14757) * FIX: changed grok processor to be able to handle any number of spaces between 'server =' and ip address * FIX: Added change log pr link * FIX: Added change log pr link * [Azure AI Foundry] Rename billing dashboard (elastic#14615) * rename billing dashboard * [Jamf Protect 3.1.0] New pipelines added and enhancements (elastic#14750) * Added support for the following new and upcoming events * network_connect * tcc_modify * pty_grant * pty_close * Enhanced existing events (only added fields, no breaking changes) * mount * remount * unmount * [cisco_ftd] Ensure observer zone fields are set (elastic#14748) - Ensure Ingress and Egress zone values are set to proper ECS fields - This will also allow the network.direction logic to work as intended --------- Co-authored-by: muthu-mps <101238137+muthu-mps@users.noreply.github.com> Co-authored-by: Thijs Xhaflaire <thijsxhaflaire31@hotmail.com> Co-authored-by: Taylor Swanson <90622908+taylor-swanson@users.noreply.github.com>

Labels

bugfix Pull request that fixes a bug issue Integration:cisco_ftd Cisco FTD Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices]

6 participants